Forum Discussion
Usayyad
MCT
Oct 07, 2022
Enroll only selected servers in Azure Defender
We have 7-8 different subscriptions and have 1000s of VMs. I have enabled Azure Defender for Cloud for my subscription. However, I want to exclude Azure Defender for selected servers (VMs). Is it poss...
StanislavBelov
Microsoft
Mar 08, 2023
Defender for Servers still can only be enabled at the subscription level.
ovesely
Copper Contributor
Jul 03, 2024
We do need this at least on the resource group level OR at bare minimum make a difference between Azure VMs and Arc VMs.
I am in the middle of the migration. I wanted to onboard 200 servers to Arc, to properly scope them for the migration, but thanks to this I can NOT use Arc, because this will push Defender for Servers to all Arc machines at 15 USD per machine.
At the moment I am left with 3 options:
1) Turn off Defender for entire sub.
2) Do not use Arc.
3) Create brand new subscription just because of this.
This should not be as difficult as it is; at LEAST make a separate switch for Arc machines.
- Marco_Reinli
Copper Contributor
Jul 26, 2024
ovesely you can enable Defender for Servers (P1 only) at the resource level via REST API: https://learn.microsoft.com/en-us/azure/defender-for-cloud/tutorial-enable-servers-plan#enable-defender-for-servers-at-the-resource-level
There is also a PowerShell script that helps you do this at scale: https://github.com/Azure/Microsoft-Defender-for-Cloud/tree/main/Powershell%20scripts/Defender%20for%20Servers%20on%20resource%20level
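
Added example (not part of the original thread and not the linked Microsoft script): a small planner for the scenario discussed above, which turns a list of machine resource IDs into resource-level pricing requests that leave Arc machines on the Free tier and put Azure VMs on Defender for Servers P1. The api-version, the endpoint shape, the list of supported resource types, and the use of the Free tier to exclude a machine are assumptions taken from the linked tutorial; the resource IDs are constructed placeholders.

```python
import json
import re
import shlex

API_VERSION = "2024-01-01"  # assumed api-version of the Microsoft.Security pricings API
# Resource types assumed to accept a resource-level Defender for Servers setting.
SUPPORTED = {
    "microsoft.compute/virtualmachines": "Azure VM",
    "microsoft.compute/virtualmachinescalesets": "VM scale set",
    "microsoft.hybridcompute/machines": "Arc machine",
}
ID_RE = re.compile(
    r"^/subscriptions/[0-9a-f-]{36}/resourceGroups/[^/]+"
    r"/providers/(?P<type>[^/]+/[^/]+)/(?P<name>[^/]+)$", re.IGNORECASE)

def classify(resource_id):
    """Return 'Azure VM', 'VM scale set' or 'Arc machine'; raise on anything else."""
    m = ID_RE.match(resource_id)
    if not m or m.group("type").lower() not in SUPPORTED:
        raise ValueError(f"not a machine-level resource ID: {resource_id}")
    return SUPPORTED[m.group("type").lower()]

def pricing_request(resource_id, enable):
    """Build the PUT that sets the Defender for Servers tier on one machine."""
    kind = classify(resource_id)  # rejects subscription or resource-group scopes
    props = {"pricingTier": "Standard", "subPlan": "P1"} if enable else {"pricingTier": "Free"}
    url = (f"https://management.azure.com{resource_id}"
           f"/providers/Microsoft.Security/pricings/virtualMachines?api-version={API_VERSION}")
    return {"kind": kind, "method": "PUT", "url": url, "body": {"properties": props}}

def plan(resource_ids, exclude_kinds=("Arc machine",)):
    """Exclude the listed kinds (Free tier); enable P1 on everything else."""
    return [pricing_request(r, classify(r) not in exclude_kinds) for r in resource_ids]

def as_az_rest(req):
    """Render a request as an `az rest` command line for review before running."""
    return " ".join(["az", "rest", "--method", "put", "--url", shlex.quote(req["url"]),
                     "--body", shlex.quote(json.dumps(req["body"]))])

# Constructed sample IDs (placeholder subscription, resource group and machine names).
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-migration"
SAMPLE = [
    SUB + "/providers/Microsoft.HybridCompute/machines/onprem-sql-01",
    SUB + "/providers/Microsoft.Compute/virtualMachines/web-01",
]

if __name__ == "__main__":
    for req in plan(SAMPLE):
        print(as_az_rest(req))
```

The script only prints commands; nothing is sent to Azure until a reviewed line is run from a session with rights to change Microsoft.Security pricings on those resources.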